Security news aggregator

Latest coverage for MFA

MFA reduces account takeover by requiring another proof of identity, limiting damage from stolen passwords; protect fallback and recovery paths too.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

MFA requires a user to prove identity with at least two different factor types: something they know, have, or are. It limits account takeover when a password is exposed, but protection depends on the factors and their implementation; two passwords are not independent factors, and a one-time code delivered by SMS is generally weaker than a phishing-resistant credential.

Attackers may steal or relay one-time codes through phishing, trigger repeated push prompts to induce approval, exploit weak enrollment or account-recovery processes, or hijack an authenticated session after MFA succeeds. Prefer phishing-resistant methods such as FIDO2/WebAuthn security keys or platform credentials for sensitive access, protect enrollment and recovery as strongly as login, restrict weaker fallbacks, and monitor unusual authentication activity. MFA reduces risk but does not replace endpoint, session, or privileged-access controls.

Showing 3 most recent headlines Filtered view
Bank Info Security 11 months, 3 weeks ago

Identity Threats Target Small Businesses in MFA Workarounds

Huntress's Kyle Hanslovan Warns of MFA Bypass, Rogue Apps, Fake Device EnrollmentsCybercriminals are bypassing MFA using session tokens and rogue app access, with shadow workflows enabling persistent inbox theft against SMBs. Huntress offers behavioral training and managed identity response to SMBs for real protection not just more alerts, says CEO Kyle Hanslovan.

Bank Info Security 11 months, 3 weeks ago

The MFA Illusion: Rethinking Identity for Non-Human Agents

As Agentic AI Takes Over Workflows, Traditional Authentication Practices Fall ShortThe explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.